The invention relates to telecommunications systems, and more particularly to insuring the privacy of communications made via a telecommunications system.
Privacy is an important issue for many users of telecommunications equipment. The issue relates to ensuring that only the intended parties in a conversation carried over a particular telecommunications system are connected to receive the voice information. Privacy is of particular concern in corporate environments where multifunction telephone systems allow calls to be forwarded, transferred, or conferenced. For example, the privacy of a telephone call can be breached when a calling party A believes it has contacted party B but the call has unknowingly been forwarded or transferred to party C. Because the calling party A is unaware that it has contacted the wrong party, calling party A may provide information to party C that is not intended for party C. In another example, the calling party A may not want certain sensitive information to be heard by other parties within earshot of the called party B. However, without the calling party""s knowledge, the called party may conduct its end of the conversation through a hands-free speakerphone which projects the conversation to the surrounding environment, potentially breaching the privacy of the call.
Many of the same privacy concerns related to real-time telephone conversations exist with respect to voice messaging systems that are commonplace in multifunction telephone systems. For example, in most messaging systems a voicemail message intended to be heard only by a particular party may be call forwarded to unintended parties or overheard when an intended party listens to the message using a speakerphone with unintended parties within earshot. A privacy feature which prevents voicemail messages, identified as private, from being forwarded or copied has been added to some messaging systems and is described in U.S. Pat. No. 5,568,540 entitled xe2x80x9cMethod and Apparatus for Selecting and Playing a Voicemail Message,xe2x80x9d issued to Greco et al. (hereinafter Greco). Although the privacy feature works well for its intended purpose, the feature of Greco is limited to preventing a specifically marked voicemail message from being forwarded or copied to anyone but the intended recipient. Greco does not provide any other privacy options, such as protection against a message being overheard during replay via a speakerphone.
In view of the privacy concerns involved with telephone communications and in view of the limited privacy controls available in telephone systems, what is needed is a voice communications approach that offers improved privacy functions.
Methods and an apparatus for protecting call privacy allow a calling party to control the privacy of a telephone call by selecting among a group of privacy options that represent varying degrees of privacy and by enforcing the selected privacy options during the call. The privacy options selected for the call limit the ability of a called party to manipulate the call. For example, the privacy options may prevent the called party from forwarding the call, transferring the call, conferencing the call, and/or listening to the call via a hands-free speakerphone. Allowing the calling party to control how freely the called party can manipulate an incoming call helps to ensure that the calling party""s privacy expectations are met. In an additional aspect of the invention, the selected privacy options are transferred to any voicemail message that is generated as a result of the call made by the calling party.
In a preferred embodiment, the call privacy system is embodied in a telephony-over-local area network (LAN), or ToL, communications system that enables real-time voice conversations over a packet-based network such as a LAN. The preferred ToL system includes communications nodes, and optionally a telephony server and a data server. The communications nodes may consist of a computer and a telephone which are connected to each other and to the LAN. Each computer is preferably equipped with a telephony programming application interface (TAPI) that allows the computers to be used for telephony functions, such as call placement. The telephones are preferably digital telephones that are compatible with computer telephony protocols. The telephony server connected to the LAN provides the computer telephony functionality for the ToL system. The telephony functionality includes managing call control between the communications nodes and potentially with a PSTN via a ToL gateway. In a preferred embodiment, the telephony server includes a messaging system with voicemail capability. As an alternative embodiment, the messaging system may be encompassed in other devices. The optional data server may provide access to traditional database information, such as financial records, manufacturing schedules, and/or customer information. In the preferred system, data and voice information is passed between the communications nodes and/or the servers through the same communications network. The communications nodes and telephony server are configured to provide extended caller-initiated privacy options within the ToL network. Although various other privacy options may be implemented, preferred caller-initiated privacy options include preventing a call from being forwarded, transferred, or conferenced, and preventing a call from being conducted using a speakerphone of the called party. Additional caller-initiated privacy options include preventing voicemail messages from being forwarded, transferred, or conferenced, and preventing voicemail messages from being amplified for replay using a speakerphone.
In the preferred embodiment, a calling party initiates a call via a call placement screen that is configured to display the available privacy options, the call placement screen may be part of a call placement software application that is resident in the computers of the communications nodes. The call placement screen includes many traditional call control buttons, such as a standard telephone keypad, a dial button, and a display of the number to dial. The call placement screen may also include feature buttons such as redial, conference, hold, speaker, and transfer buttons that activate the corresponding functions. In the preferred embodiment, the call placement screen also includes a privacy button and individually selectable privacy options. The individually selectable privacy options include block-call-forwarding, block-call-transferring, block-call-conferencing, and block-speakerphone-use. A calling party can select a particular privacy option or a combination of privacy options by, for example, directing a cursor to a desired selection box and clicking a mouse or equivalent device.
A preferred operation of the caller-initiated privacy system is described for a calling party A that wishes to place a call to a called party B. To initiate the call, the calling party A accesses a call placement screen via a communications node. The calling party A then identifies the called party B by entering the number (i.e., the extension number) of the called party. The calling party A then has the option of selecting among any combination of privacy options that are displayed on the call placement screen. Once the caller-initiated privacy options are selected, the call placement application generates and transmits a call setup protocol message that identifies the selected privacy options. After call setup is complete, the call is initiated and the called party B receives the call that has been established within the parameters dictated by the selected call privacy options.
During the call, the selected call privacy options are enforced by the telephony server and the respective communications nodes. In the preferred embodiment, the block-call-forwarding, transferring, and conferencing options are enforced via the telephony server, because the telephony server coordinates all the telephony functions. The block-speakerphone-use option is enforced by cooperation between the communications nodes and the telephony server. That is, the communications nodes are programmed to request permission from the telephony server to activate a speakerphone at a communications node. A request to activate a speakerphone will be denied if the block-speakerphone-use option is active on the particular call. In the preferred embodiment, enforcement of the selected privacy options is transferred to any message, such as a voicemail message, that is generated in response to the present call.
Although the techniques of providing multiple caller-initiated privacy options are described with reference to a packet-switched LAN, the caller-initiated privacy options can be implemented in circuit-switched telephone networks that utilize, for example, a private branch exchange (PBX) and/or a central office.